IS3445 CHAP 8 SECURING WEB APPLICATIONS

Question 1

___ is a block cypher encryption standard that creates keys from 128 bis to 256 bits in length. AKA Rijndail.

Answer 1

(AES) Advanced Encryption Standard

Question 2

___ is input validation mechanisms on the silent side using the client browser.

Answer 2

Client-side validation

Question 3

___ is backtracking up a directory path using “../” or dot.dot.slash to access areas not intended to be accessible.

Answer 3

Canonicalization attacks

Question 4

___is an encryption standard using a 56-bit key encryption method.

Answer 4

(DES) Data encryption standard

Question 5

___is a small electronic file that serves to validate or encrypt a message or browser session. These are often used to create a digital signature which offers non-repudiation of a user or a Web site.

Answer 5

Digital certificate

Question 6

___is an access control method in which access is not forced from the administrator or the operating system; rather, access is controlled by the information’s owner.

Answer 6

(DAC) Discretionary access control

Question 7

___ is a security measures such as firewalls, IDSs, and antivirus solutions installed directly on a client system.

Answer 7

Host-based security

Question 8

___ is an access control mechanism in which access is controlled and dictated by the network administrator.

Answer 8

(MAC) Mandatory access control

Question 9

___ is a family of secret key cryptographic algorithms from RSA Security, Inc.

Answer 9

Rivest Cipher

Question 10

___ A formal document from the Internet Engineering Task Force (IETF) that is the result of committee drafting and revision of a technical document.

Answer 10

(RFC) Request for Comments

Question 11

___An access control mechanism in which access decisions are determined by the roles that individual users have as part of an organization.

Answer 11

Role based access control

Question 12

___ An access control mechanism in which access to objects is controlled according to established rules.

Answer 12

Rule based access control

Question 13

___ is the process of planning, designing, creating, testing, deploying, and maintaining software.

Answer 13

(SDLC) Software development life cycle

Question 14

___ is the special type of access control list that monitors attempts to get into secured objects on a system.

Answer 14

(SACL) System access control list

Question 15

___ is and encryption method that uses three 56-bit encryption keys.

Answer 15

(3DES) Triple Data Encryption Standard

Question 16

1. SFTP is a secure version of FTP.

TRUE OR FALSE

Answer 16

TRUE

Question 17

2. You are the administrator of large network. The network has several groups of users–including students, administrators, developers, and front-end staff. Each user on the network is assigned network access depending on his or her job in the organization. Which access control method is being used?
3. Discretionary access control
4. Role based access control
5. Rule based access control
6. Mandatory access control

Answer 17

Role based access control

Question 18

3. Discretionary access control uses an access control list to determine access.
   TRUE OR FALSE

Answer 18

TRUE

Question 19

4. As a network administrator, you are concerned with the clear-text transmission os sensitive data on the network. Which of the following protocols are used to help secure communications? (Select two)
5. FTPv2
6. SCP
7. SSL
8. SNMP

Answer 19

SCP

SSL

Question 20

5. As part of the networks’s overall security strategy, you want to establish an access control method in which the owner decides who can and who cannot access the information. Which type of access control method is being described?
6. Mandatory access control
7. Role based access control
8. Discretionary access control
9. Rule based access control

Answer 20

Discretionary access control

Question 21

6. ___ and HTTP are combined to secure online transactions.

Answer 21

Secure Sockets Layer or SSL

Question 22

7. Mandatory access control secures information and resources by assigning sensitivity labels on objects and comparing this to the level of sensitivity a user is assigned.
   TRUE OR FALSE

Answer 22

TRUE

Question 23

8. ___, AKA Rijndail, is a block cipher encryption standard. It can create keys from 128 bits to 256 bits in length.

Answer 23

Advanced Encryption Standard (AES)

Question 24

9. As a network administrator, you have configured your company’s firewall to allow remote users access to the network only between the hours of 1:00 p.m. and 4:)) p.m. which type of access control method is being used?
10. Discretionary access control
11. Role based access control
12. Mandatory access control
13. Rule based access control

Answer 24

Rule based access control

Question 25

10. You are concerned about the integrity of messages sent over your HTTP connection. You use HTTPS to secure the communication. Which of the following are hashing protocols used with SSL to provide security? (Select two)
11. IPSec
12. SHA1
13. MD5
14. SFTP

Answer 25

SHA1

MD5

Question 26

11. A malicious user can insert tags into your Web pages, creating interactive content designed to steal information from your users.
    TRUE OR FALSE

Answer 26

TRUE

Question 27

12. Authorization is any process by which you verify that someone is who they claim they are.
    TRUE OR FALSE

Answer 27

FALSE